CFSP Process Applications 


Section 1: Multiple Choice EXAMPLE 


Candidate Exam Number (No Name): 


Please write down your name in the above provided space. Only one answer is correct. Please circle 
only the best possible answer. 


1 : Which of the following does not affect PFDavg? 
A. Lambda D. 
B. Proof test interval. 
C. Proof test coverage. 
D. SFF 


2 : Ancyclic process runs through a complete cycle every week. A hazardous event expected to place 
a demand on the safety function one time per cycle. A Type A single channel (1001) SIF has been 
designed with external automatic diagnostics (not part of safety function) that also runs every week. 
The following data is provided for the entire SIF: 

Lambda DD = 0.002 failures per year, 

Lambda DU = 0.0004 failures per year, 

Lambda SD = 0.006 failures per year, 

Lambda SU = 0.003 failures per year. 

The safety functions is fully proof tested every six months. 
To what SIL does this design qualify? 


A. Does not meet any SIL 
B. SIL1 
C. SIL2 
D. SIL3 


3 : For de-energize-to-trip safety system configurations using identical components in low demand 
mode, which is the correct ranking of architectures in terms of spurious trip rate: 


A. Lowest 1002, 2002, 2003, 1001 Highest 
B. Lowest 1001, 2002, 2003, 1002 Highest 
C. Lowest 2002, 2003, 1002, 1001 Highest 
D. Lowest 2002, 2003, 1001, 1002 Highest 
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4 : What does it mean for a system to have a fault tolerance of 2: 
A. Never fail dangerous after 1 random failure 
B. Never fail dangerous after 1 systematic failure 
C. Never fail dangerous after 2 random failures 


D. Never have 2 random failures 


5 : What is the best definition of risk? 
A. Consequence x Likelihood 
B. Likelihood x Frequency 
C. Consequence x Vulnerability 


D. Occupancy x Vulnerability 


6 : How many systematic hardware failures can a 2004 system withstand without losing the ability 
to perform the safety function? 


A. 0 
B. 1 
C.2 
D.3 


7 : If asystem with a wear out time of 5 years in normal service is proof tested every 3 years and 
replaced every 6 years, what is the average probability of failure on demand in normal service 
assuming a dangerous failure rate of 0.01 failures per year? 


A. 0.03 

B. 0.015 
C. 0.025 
D. 0.083 


E. It cannot be properly calculated under these conditions. 
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8 : Which of the following is not typically a mitigation layer of protection? 
A. Containment dike or bund 
B. Emergency services 
C. Fire suppression 


D. Alarm with operator intervention 


9 : Where is the best place to find information about a safety system component? 
A. IEC 61508 
B. IEC 61511 
C. The Safety Manual from the supplier 


D. Plant procedure documents 


10 : A “smart” transmitter has a total failure rate of 0.08 failures/year. The percentage of safe failures is 
75% and diagnostic coverage of dangerous failures is 20%. Assuming all diagnosed dangerous 
failures will immediately be converted to a safe process shutdown, what is the average 
probability of failure on demand if the transmitter is tested four times per year. The Mean Time 
To Repair is estimated to be 8 hours. 


A. 0.0002 
B. 0.0040 
C. 0.0020 
D. 0.0016 
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Section 2: Short Answer ee 


Candidate Exam Number (No Name): 


Please write down your exam number in the above provided space. Answer the questions in the space 
provided. If you need additional space please attach a separate sheet with your exam number on it. Make 
sure to number each attached sheet and label your answer with the corresponding question number. 


IMPORTANT NOTE: 

There are more than 20 points of questions in the short answer part of the exam. You are only required to 
answer questions totaling 20 points. You may choose to answer any combination of questions totaling at least 
20 points. Please clearly indicate which questions should and should not be assessed as part of the required 
20 points. 


1 : How should the response time of a safety function be determined as part of preparing the safety 
requirements specification? 
(2 points) 


2 : Name 4 aspects that MUST be true about safety system documentation according to 61511. 
(2 points) 
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3 : What are two main differences between continuous (or high demand) and demand (or low demand) mode safe 
(4 points) 


4 : Name three things that must be done before modifying a safety system according to IEC 61511. 
(2 points) 
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